Hello!
We have a FortiGate 60F running the latest mature (7.2.8) FortiOS. We would like to inspect (as much as possible) email traffic, i.e. around 10 users accessing Exchange Online via the latest Outlook clients on Windows and using default protocols (MAPI over HTTPS?). We are clear on how to inspect IMAP/POP3/SMTP traffic, but not sure how to handle the Exchange Online default protocol. FortiGate docs mention RPC over HTTP (should be deprecated for Exchange) as well as MAPI. Is MAPI the way to go? If so, how should we configure policies, profiles etc. to separate it from the rest of HTTP/Microsoft traffic and make sure email and antivirus detections/profiles are applied?
Also, while 7.2.8 still makes it possible to enable proxy-based policies and profiles (MAPI inspection not supported in flow-based), what is the way forward for M365 Exchange Online inspection on < 2GB RAM devices for smaller networks?
Any advice is welcome. Thanks!
Hi @mbadmin,
If you want to inspect encrypted traffic, you need to enable deep inspection. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-deep-inspection-and-import-a...
Regards,
Hello,
maybe the question was in two parts and not quite clear. For the first part we were mainly looking for confirmation from the community that MAPI over HTTPS is in fact the default protocol for Outlook 365 to Exchange Online, which we have since confirmed via https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-network-connectivity-princi...
The second part is more important. Since we are dealing with the MAPI protocol and per the admin guide, we have to configure a proxy-mode firewall policy and corresponding proxy-mode profiles (we are mostly interested in applying an antivirus profile and email filter), since MAPI inspection is not supported in flow-mode. We are still able to do this since we are running FortiOS 7.2.8. However, from FortiOS 7.4.4 onward, proxy-mode is no longer supported on FG with less than 2 GB RAM, such as ours. Could you provide some information from your engineering on whether enabling MAPI inspection in flow-mode (or maybe bringing back limited proxy-mode support) is in the roadmap? Otherwise, can we assume there will be no possibility to inspect Outlook 365 to Exchange Online traffic on entry-level devices?
Thanks!